Google Chrome extensions can be recognised to track you online
A tech researcher has created a website which uses your installed Google Chrome extensions for generating fingerprints on your device which can track you online.
The following characteristics including GPU performance, installed Windows applications, a device’s screen resolution, hardware configuration, and the installed fonts can support in creating fingerprints.
Probably, the device can be tracked over sites with the same fingerprinting methods.
The fingerprints of installed Chrome extensions –
Recently, z0ccc web developer established a new site namely, ‘Extension Fingerprints’ which can generate tracking hash based on installed Google Chrome extensions.
However, it declares certain assets as ‘web accessible resources’ which other web pages or extensions can access while creating a chrome browser.
Moreover, these sources are basically in image files which declare using the ‘web_accessible_resources’ property for browser extension files.
Specifically, it was revealed that web-accessible resources can be used to check installed extensions and develop fingerprints of visitors based on a combination of found extensions in 2019.
Moreover, z0ccc explains, ‘Resources of protected extensions will take longer to fetch than resources of extensions that are not installed.’
‘By comparing the timing differences you can accurately determine if the protected extensions are installed on the project’s GitHub page,’ z0ccc added
Hence, z0ccc created an Extension Fingerprints website for clarifying fingerprinting methods.
The use of browser-
It will check visitors’ browsers for the existence of web-accessible resources in 1,170 Google Chrome Web Stores.
The following extensions uBlock, LastPass, Adobe Acrobat, Honey, Grammarly, Rakuten, and ColorZilla can be identified on the website and accordingly, it’ll generate a tracking hash which uses for tracking.
The installation with many extensions will have less common fingerprints which can easily be tracked.
Besides those with no extension can have fewer fingerprints with less chance of tracking.
Moreover, adding other characteristics to the fingerprinting models can refine the fingerprints.
‘This is definitely a viable option for fingerprinting users’, z0ccc explains via email to Bleeping Computers.
Especially using the ‘fetching web-accessible resources’ method. If this is combined with other user data (like user agents, time zones etc) users could be very easily identified,’ with no extensions.
The extension fingerprints site works with chromium browsers however, it’ll work with Microsoft Edge, I’ll need to be adjusted to use extension IDs from Microsoft extension.
UBlock –
uBlock is one of the most commonly used extensions for fingerprints.
Additionally, z0ccc says, ‘By far the most popular is having no extensions installed. As previously said I do not collect specific extension data but in my own testing it seems that having only ublock installed is a common extension fingerprint’, z0ccc explains.
According to Bleeping Computers, the following percentage are the common extensions installed by users :
•58.248% – No extensions installed or enabled.
•2.065% – Only Google Docs Offline, which is •the only extension installed by default.
•0.528% – uBlock Origin + Google Docs Offline
•0.238% – AdBlock + Google Docs Offline
•0.141% – Adobe Acrobat + Google Docs Offline
•0.122% – Google Translate + Google Docs Offline
•0.019% – Malwarebytes Browser Guard
•0.058% – Grammarly + Google Docs Offline
•0.058% – LastPass + Google Docs Offline
•0.051% – Honey + Google Docs Offline
•0.013% – ColorZilla + Google Docs Offline.